CVE-2009-1705 — Out-of-bounds Write in Apple Safari

CWE-1893 documents3 sources

Severity

9.3CRITICALNVD

EPSS

5.2%

top 10.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedJun 10

Latest updateMay 2

Description

CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/safari3.2.3+11

Patches

Patch: lists.apple.com ↗Patch: support.apple.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-x3g5-fg6f-g2mh: CoreGraphics in Apple Safari before 4↗2022-05-02

▶

💬Community

Bugzilla

CVE-2008-5718 netatalk: papd command injection vulnerability↗2009-01-19

▶